On Mon, Aug 15, 2016 at 03:42:43PM +0200, Salvatore Bonaccorso wrote: > I can confirm that an update is beeing worked on, cf [1]. > > [1] > https://anonscm.debian.org/cgit/kernel/linux.git/commit/?h=jessie-security&id=1bd5c3370523e5846019361b33a97c754db76f8d
Is this not an incomplete fix? I see that <https://security-tracker.debian.org/tracker/CVE-2016-5696> claims that 75ff39c (committed July 10) fixes the issue, but the researcher said at <https://www.mail-archive.com/[email protected]/msg118843.html> (July 10) that it may be an incomplete fix. <http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=083ae30> (committed July 15) may be a more complete fix. Someone who understands the kernel and TCP better than I should cast their eyes over it and consider having it be backported before Debian releases a new kernel and publishes a DSA. -- Justin
